27 matches found
AI and the Future of American Politics
Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI can be used t...
Topology Generation of UAV Covert Communication Networks: a Graph Diffusion Approach with Incentive Mechanism
With the growing demand for Uncrewed Aerial Vehicle UAV networks in sensitive applications, such as urban monitoring, emergency response, and secure sensing, ensuring reliable connectivity and covert communication has become increasingly vital. However, dynamic mobility and exposure risks pose...
CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...
AI and the 2024 Elections
It's been the biggest year for elections in human history: 2024 is a "super-cycle" year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation...
Protecting major events: An incident response blueprint
Ensuring the cybersecurity of major events -- whether it's sports, professional conferences, expos, inter-government meetings or other gatherings -- is a complex and time-intensive task. It requires a comprehensive approach and collaboration among various stakeholders, including vendors,...
[SECURITY] Fedora 40 Update: xml-commons-apis-1.4.01-46.fc40
xml-commons-apis is designed to organize and have common packaging for the various externally-defined standard interfaces for XML. This includes the DOM, SAX, and JAXP...
Psudohash - Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns
psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. ...
Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response
Jenkins Swarm Plugin allows clients to auto-discover Jenkins instances on the same network through a UDP discovery request. Responses to this request are XML documents. Swarm Plugin does not configure the XML parser in a way that would prevent XML External Entity XXE processing. This allows...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-22712)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. remot...
SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP
SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules, processing modules, output modules an...
Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2021-82955)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and...
CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2192
The CVE-2020-2192 entry covers a CSRF vulnerability in Jenkins Swarm Plugin (Self-Organizing Swarm Plug-in Modules) up to version 3.20. The issue arises because the plugin exposes API endpoints that add or remove agent labels and, in 3.20 and earlier, do not perform regular permission checks or r...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2191
CVE-2020-2191 concerns Jenkins Self-Organizing Swarm Plug-in Modules Plugin (3.20 and earlier). The root issue is missing permission checks on API endpoints that add or remove agent labels, allowing users with limited rights to perform label modifications. The vulnerability’s documented impact is...
PT-2020-15405 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: The issue concerns the lack of permission checks on API endpoints that allow adding and removing agent labels. This allows users with Agent/Create...
Jenkins Swarm Plugin XML external entities information disclosure vulnerability
Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...